The present invention relates generally to a cognitive one-time password generation method, and more particularly, but not by way of limitation, to a system, method, and computer program product for generating a question to which an answer is a cognitive one-time password (i.e., a three-step password authentication password).
While generating multi-factor authentication passwords is becoming a trend in the identity validation and verification domain, one-time passwords (OTPs) are conventionally considered the default solution for providing the extra level of security needed for secured services (e.g., financial institutions, secure servers, etc.).
Conventionally, OTPs are sent as a series of numerical digits, varying in length from six to twelve digits, that are communicated to the end user in a variety of forms such as Short Message Service (SMS), e-mail, or even voice over a phone.
Many institutions have moved to call-based delivery of passcodes rather than using only SMS delivery. This theoretically provides better security since the passcode sent via text messages could be intercepted by malware on a mobile device.
However, the conventional techniques have a technical problem: a text-based alphanumeric OTP could be compromised by certain types of mobile malware that parse SMS messages and recognize the OTP, which could exploit the end user. Also, there is a burden on the user to enter the OTP into the secured service correctly, which can be difficult with randomly generated twelve-digit codes. Further, the OTP is sent directly to the user, so that entering the OTP into the secured service is a two-step process (i.e., receive the OTP and then enter the received OTP).